Privacy Policy

Last updated: July 14, 2025

1.Introduction & Data Controller Information

Andishi is committed to protecting your personal data in strict compliance with the Data Protection Act, 2019 and its implementing regulations under Legal Notice 263/2021.

Data Controller Details

Company: Andishi Limited

Registration: Kenya Companies Registry

Address: Ruiru, Kiambu County, Kenya

ODPC Registration: In compliance with Section 25

Personal Data We Collect

We collect only necessary personal data, in strict adherence to the principles of data minimisation and purpose limitation as outlined in Section 26 of the Data Protection Act, 2019.

Developer Data

  • • Full name and professional title
  • • Email address and phone number
  • • Technical skills and certifications
  • • Work experience and portfolio
  • • Educational background
  • • Geographic location
  • • Availability and rate preferences

Client Data

  • • Company name and industry
  • • Contact person details
  • • Project requirements and scope
  • • Budget and timeline preferences
  • • Communication preferences
  • • Billing and payment information

Important Notice

Where personal data is obtained indirectly, we will notify you within 14 days as required by Regulation 4 of LN 263/2021.

Legal Basis for Processing

All personal data processing is conducted based on lawful grounds as specified in Section 30 of the Data Protection Act, 2019.

Contractual Performance

Processing necessary for contract performance with developers and clients, including project matching and payment processing.

Legitimate Business Interests

Platform security, fraud prevention, service improvement, and business analytics (balanced against your rights).

Consent

Where explicitly required, such as for marketing communications or optional features.

Legal Compliance

Processing required to comply with legal obligations under Kenyan law.

Data Disclosure & Sharing

We may share your data only under legally permitted circumstances as outlined in Section 35 and Regulation 21 of LN 263/2021.

Trusted Service Providers

  • • Cloud hosting services
  • • Payment processors
  • • Email services
  • • Analytics platforms

Legal Requirements

  • • Court orders and legal processes
  • • Regulatory compliance
  • • Government authorities
  • • Law enforcement requests

Data Protection Standards

All data sharing requires written agreements specifying purpose, retention period, and safeguards in compliance with Regulation 21 of LN 263/2021.

Data Retention & Security

Personal data is retained only for as long as necessary for the stated purposes, in accordance with our Data Retention Schedule.

Retention Periods

  • • Financial records: 7 years
  • • Project files: 3 years after completion
  • • User profiles: 1 year after inactivity
  • • Communication logs: 2 years

Security Measures

  • • End-to-end encryption
  • • Multi-factor authentication
  • • Regular security audits
  • • Staff training programs

Your Rights as a Data Subject

In accordance with the Data Protection Act, 2019, you have the following rights:

Access & Control Rights

  • • Access and retrieve your data (21 days)
  • • Request correction of inaccurate data
  • • Demand deletion of unlawfully processed data
  • • Data portability to another controller

Processing Rights

  • • Object to processing on legitimate grounds
  • • Restrict processing in certain cases
  • • Withdraw consent at any time
  • • Human review of automated decisions

How to Exercise Your Rights

Submit requests to our Data Protection Officer through the contact details below. We respond promptly within statutory timeframes, free of charge.

Automated Decision-Making

If we use automated profiling or decision-making that significantly affects you, we will inform you of the logic involved and provide options for human review.

Your Rights

You have the right to human intervention, express your point of view, and contest automated decisions under the Data Protection Act.

Data Protection Officer & Complaints

We are registered with the Office of the Data Protection Commissioner (ODPC) and maintain high standards of data protection compliance.

Filing Complaints

You may lodge complaints with the Data Protection Commissioner or through our internal complaints process. We are committed to resolving issues promptly and transparently.

Contact Us

If you have any questions or requests regarding your personal data, reach us at:

Contact Information

Company: Andishi LTD

Address: Ruiru, Kiambu, Kenya

Email: info@andishi.dev

Phone: +254 759 912 373